Skip to content
Snippets Groups Projects
Commit 1a893230 authored by Nick Wellnhofer's avatar Nick Wellnhofer
Browse files

[CVE-2024-40896] Fix XXE protection in downstream code

Some users set an entity's children manually in the getEntity SAX
callback to restrict entity expansion. This stopped working after
renaming the "checked" member of xmlEntity, making at least one
downstream project and its dependants susceptible to XXE attacks.

See #761.
parent 6cc2387e
No related branches found
No related tags found
Loading
Pipeline #709997 passed
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment